3 Answers
3

The SSL certificate file contains the X.509 certificate (which, in turn, contains a public key used for encryption). The SSL Certificate Key File contains the private key corresponding to the public key in the certificate. In order for the webserver to encrypt and decrypt traffic, it must have both the public key (certificate) and corresponding private key. Apache, unlike a lot of other server products, stores the key and certificate in separate files. Java-based products, for example, typically use Java KeyStore files, which are an encrypted database containing both the certificate and private key.

SSLCertificateFile should contain only the public portion of your certificate, which you want to deliver from the website to the client.

If SSLCertificateChainFile is specified, the webserver will attach the associated certificates (to build up a whole chain to a Root CA) to the webserver certificate.
You could also put the private portion of your certificate into the file as specified in SSLCertificateFile, but this is NOT recommended for security reasons (for example, the webserver has a bug, a buffer overflow occurs and prints out the private key to the attacker).

Instead, put only the private key in a separate file and declare it in SSLCertificateKeyFile.
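An added example, not part of the original answers: a small Python audit of the certificate/key split described above. It reads the two directives from an Apache config, reports a private key stored in the SSLCertificateFile target, and reports a key file accessible to group or other (the permission check is an added assumption about good practice); the function names, file names and PEM bodies are constructed placeholders.

```python
import os
import re
import stat
import tempfile

# Apache directive names are case-insensitive; the path may be quoted.
DIRECTIVE = re.compile(
    r'^\s*(SSLCertificateFile|SSLCertificateKeyFile)\s+"?([^"\s]+)"?', re.M | re.I)
PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def pem_labels(path):
    # Return the PEM block types in a file, e.g. ["CERTIFICATE", "PRIVATE KEY"].
    with open(path, "r", errors="replace") as fh:
        return PEM_LABEL.findall(fh.read())

def audit(conf_text):
    """Return findings for the certificate and key directives in conf_text."""
    findings = []
    for name, path in DIRECTIVE.findall(conf_text):
        labels = pem_labels(path)
        # Covers PRIVATE KEY, RSA/EC PRIVATE KEY and ENCRYPTED PRIVATE KEY.
        has_key = any(label.endswith("PRIVATE KEY") for label in labels)
        if name.lower() == "sslcertificatefile":
            if has_key:
                findings.append(f"{path}: private key stored in SSLCertificateFile")
            if "CERTIFICATE" not in labels:
                findings.append(f"{path}: no certificate block found")
        else:
            if not has_key:
                findings.append(f"{path}: no private key block found")
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & 0o077:
                findings.append(f"{path}: mode {mode:o} lets group/other access the key")
    return findings

def demo():
    """Build constructed sample files and audit a weak and a corrected config."""
    d = tempfile.mkdtemp()
    cert = "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
    key = "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n"
    files = {"combined.pem": (cert + key, 0o644), "site.crt": (cert, 0o644), "site.key": (key, 0o600)}
    for fname, (body, mode) in files.items():
        p = os.path.join(d, fname)
        with open(p, "w") as fh:
            fh.write(body)
        os.chmod(p, mode)
    weak = f"SSLCertificateFile {d}/combined.pem\nSSLCertificateKeyFile {d}/combined.pem\n"
    good = f"SSLCertificateFile {d}/site.crt\nSSLCertificateKeyFile {d}/site.key\n"
    return audit(weak), audit(good)
```
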

How about a brief summary like: “In the public-key cryptography, the private key is used to …”?
– Gumbo Jan 27 '11 at 10:13

He only has to read 3 sentences into the first link to get that summary. If you can answer your question with a quick read of a wiki article, it's a really poor question to ask other human beings here.
– Dan Grossman Jan 27 '11 at 10:15

He maybe asks for the technical (and maybe not conceptual) reason, which is specific to Apache. I tried to answer this the Apache way.
– saxos Jan 27 '11 at 10:48